How do you prevent the security warning "unknown publisher" for all users?

[Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

Re: How do you prevent the security warning "unknown publisher" for all users?

Aaaaah, I see! I was completely focused on the signed rdp files,
thought that the IEES problem was already solved.
Thanks, TP!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"TP" <tperson.knowspamn@mailandnews.com> wrote on 02 sep 2008 in
microsoft.public.windows.terminal_services:

> Hi Vera,
>
> If "Launching applications and unsafe files" is set to Disable
> for the applicable security zone, then the user will receive the
> message you expect. If, however, the setting is set to Prompt
> then the user will receive the message that Saucer Man is
> receiving.
>
> The instructions in your FAQ are relevant. If Saucer Man
> still has trouble after following them he should post back
> and we can help him troubleshoot.
>
> Thanks.
>
> -TP
>
> Vera Noest [MVP] wrote:
>> Then I would expect this message:
>>
>> When users start a program, they get a "file download" dialog
box,
>> or an error message: "Windows cannot access the specified
device,
>> path, or file. You may not have the appropriate permissions to
>> access the item."
>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
>>
>> but you can give it a try.

 

[Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

Re: How do you prevent the security warning "unknown publisher" for all users?

Setting the GPO per the FAQ seems to solve the issue. However, I.E. warns
that this setting is not secure and not recommended. I would think that I
can somehow get it to recognize that these applications are safe without
having to use this setting. I have a call with Microsoft and they are still
trying to figure it out.

"TP" <tperson.knowspamn@mailandnews.com> wrote in message
news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...
> Hi Vera,
>
> If "Launching applications and unsafe files" is set to Disable for the
> applicable security zone, then the user will receive the message you
> expect. If, however, the setting is set to Prompt then the user will
> receive the message that Saucer Man is receiving.
>
> The instructions in your FAQ are relevant. If Saucer Man still has
> trouble after following them he should post back and we can help him
> troubleshoot.
>
> Thanks.
>
> -TP
>
> Vera Noest [MVP] wrote:
>> Then I would expect this message:
>>
>> When users start a program, they get a "file download" dialog box,
>> or an error message: "Windows cannot access the specified device,
>> path, or file. You may not have the appropriate permissions to
>> access the item."
>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
>>
>> but you can give it a try.
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>
>

 

[Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

Re: How do you prevent the security warning "unknown publisher" for all users?

Yes, I agree with you, Saucer Man, one thinks that you shouldn't
need to use this setting when you have digitally signed your rdp
file.
I would appreciate it very much if you can report back here what MS
support finally suggests to solve the problem!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in
microsoft.public.windows.terminal_services:

> Setting the GPO per the FAQ seems to solve the issue. However,
> I.E. warns that this setting is not secure and not recommended.
> I would think that I can somehow get it to recognize that these
> applications are safe without having to use this setting. I
> have a call with Microsoft and they are still trying to figure
> it out.
>
> "TP" <tperson.knowspamn@mailandnews.com> wrote in message
> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...
>> Hi Vera,
>>
>> If "Launching applications and unsafe files" is set to Disable
>> for the applicable security zone, then the user will receive
>> the message you expect. If, however, the setting is set to
>> Prompt then the user will receive the message that Saucer Man
>> is receiving.
>>
>> The instructions in your FAQ are relevant. If Saucer Man still
>> has trouble after following them he should post back and we can
>> help him troubleshoot.
>>
>> Thanks.
>>
>> -TP
>>
>> Vera Noest [MVP] wrote:
>>> Then I would expect this message:
>>>
>>> When users start a program, they get a "file download" dialog
>>> box, or an error message: "Windows cannot access the specified
>>> device, path, or file. You may not have the appropriate
>>> permissions to access the item."
>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
>>>
>>> but you can give it a try.

 

[Saucer Man]

Re: How do you prevent the security warning "unknown publisher" for all users?

Re: How do you prevent the security warning "unknown publisher" for all users?

OK. The issue has been solved by Microsoft. They think the app itself
isn't digitally signed which is why the problem is occuring. Here's what
they did...

The opened the Local Group Policy Editor on the 2008 Terminal Server (I only
have 2003 admin templates in our 2003 AD so we couldn't do it with group
policy in my current group pllicty management console). They went to User
Configuration\Administrative Templates\Windows Components\Attachment
Manager. There is a policy setting for "Inclusion list for moderate risk
file types". They enabled this and added .exe in the list. I didn't want
to add all exe's so we changed it and put the entire executable name in the
exclusion list.

Thanks all for hanging through this long process. I appreciate it!

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message
news:Xns9B0E997054F38veranoesthemutforsse@207.46.248.16...
> Yes, I agree with you, Saucer Man, one thinks that you shouldn't
> need to use this setting when you have digitally signed your rdp
> file.
> I would appreciate it very much if you can report back here what MS
> support finally suggests to solve the problem!
> _________________________________________________________
> Vera Noest
> MCSE, CCEA, Microsoft MVP - Terminal Server
> TS troubleshooting: http://ts.veranoest.net
> ___ please respond in newsgroup, NOT by private email ___
>
> "Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in
> microsoft.public.windows.terminal_services:
>
>> Setting the GPO per the FAQ seems to solve the issue. However,
>> I.E. warns that this setting is not secure and not recommended.
>> I would think that I can somehow get it to recognize that these
>> applications are safe without having to use this setting. I
>> have a call with Microsoft and they are still trying to figure
>> it out.
>>
>> "TP" <tperson.knowspamn@mailandnews.com> wrote in message
>> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...
>>> Hi Vera,
>>>
>>> If "Launching applications and unsafe files" is set to Disable
>>> for the applicable security zone, then the user will receive
>>> the message you expect. If, however, the setting is set to
>>> Prompt then the user will receive the message that Saucer Man
>>> is receiving.
>>>
>>> The instructions in your FAQ are relevant. If Saucer Man still
>>> has trouble after following them he should post back and we can
>>> help him troubleshoot.
>>>
>>> Thanks.
>>>
>>> -TP
>>>
>>> Vera Noest [MVP] wrote:
>>>> Then I would expect this message:
>>>>
>>>> When users start a program, they get a "file download" dialog
>>>> box, or an error message: "Windows cannot access the specified
>>>> device, path, or file. You may not have the appropriate
>>>> permissions to access the item."
>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
>>>>
>>>> but you can give it a try.
>

 

[Vera Noest [MVP]]

Re: How do you prevent the security warning "unknown publisher" for all users?

Re: How do you prevent the security warning "unknown publisher" for all users?

OK, that makes sense.
I'm glad that your problem is solved, and thanks for sharing the
solution with us, Saucer Man!
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"Saucer Man" <saucerman@nospam.com> wrote on 05 sep 2008 in
microsoft.public.windows.terminal_services:

> OK. The issue has been solved by Microsoft. They think the app
> itself isn't digitally signed which is why the problem is
> occuring. Here's what they did...
>
> The opened the Local Group Policy Editor on the 2008 Terminal
> Server (I only have 2003 admin templates in our 2003 AD so we
> couldn't do it with group policy in my current group pllicty
> management console). They went to User
> Configuration\Administrative Templates\Windows
> Components\Attachment Manager. There is a policy setting for
> "Inclusion list for moderate risk file types". They enabled
> this and added .exe in the list. I didn't want to add all exe's
> so we changed it and put the entire executable name in the
> exclusion list.
>
> Thanks all for hanging through this long process. I appreciate
> it!
>
> "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote
> in message
> news:Xns9B0E997054F38veranoesthemutforsse@207.46.248.16...
>> Yes, I agree with you, Saucer Man, one thinks that you
>> shouldn't need to use this setting when you have digitally
>> signed your rdp file.
>> I would appreciate it very much if you can report back here
>> what MS support finally suggests to solve the problem!
>> _________________________________________________________
>> Vera Noest
>> MCSE, CCEA, Microsoft MVP - Terminal Server
>> TS troubleshooting: http://ts.veranoest.net
>> ___ please respond in newsgroup, NOT by private email ___
>>
>> "Saucer Man" <saucerman@nospam.com> wrote on 02 sep 2008 in
>> microsoft.public.windows.terminal_services:
>>
>>> Setting the GPO per the FAQ seems to solve the issue.
>>> However, I.E. warns that this setting is not secure and not
>>> recommended. I would think that I can somehow get it to
>>> recognize that these applications are safe without having to
>>> use this setting. I have a call with Microsoft and they are
>>> still trying to figure it out.
>>>
>>> "TP" <tperson.knowspamn@mailandnews.com> wrote in message
>>> news:ujeMCRQDJHA.3432@TK2MSFTNGP05.phx.gbl...
>>>> Hi Vera,
>>>>
>>>> If "Launching applications and unsafe files" is set to
>>>> Disable for the applicable security zone, then the user will
>>>> receive the message you expect. If, however, the setting is
>>>> set to Prompt then the user will receive the message that
>>>> Saucer Man is receiving.
>>>>
>>>> The instructions in your FAQ are relevant. If Saucer Man
>>>> still has trouble after following them he should post back
>>>> and we can help him troubleshoot.
>>>>
>>>> Thanks.
>>>>
>>>> -TP
>>>>
>>>> Vera Noest [MVP] wrote:
>>>>> Then I would expect this message:
>>>>>
>>>>> When users start a program, they get a "file download"
>>>>> dialog box, or an error message: "Windows cannot access the
>>>>> specified device, path, or file. You may not have the
>>>>> appropriate permissions to access the item."
>>>>> http://ts.veranoest.net/ts_faq_user_issues.htm#IEESconfig
>>>>>
>>>>> but you can give it a try.